/// <summary> /// Generates a random secure buffer of chars which are safe for the use on the web - /// a string that only contains "a-z"/"A-Z" and "0-9" and "-"/"_" chars, i.e.: "bo7O0EFasZe-wEty9w0__JiOKk81". /// The length of the string can not be less than 4 and more than 1024 chars /// </summary> public Security.SecureBuffer NextRandomWebSafeSecureBuffer(int minLength = 16, int maxLength = 32) { const int MIN_LEN = 4; const int MAX_LEN = 1024; if (minLength < MIN_LEN) { minLength = MIN_LEN; } if (maxLength > MAX_LEN) { maxLength = MAX_LEN; } var count = minLength; if (maxLength > minLength) { count += this.NextScaledRandomInteger(0, maxLength - minLength); } var result = new Security.SecureBuffer(count); for (var i = 0; i < count; i++) { var b = (byte)CHAR_DICT[(this.NextRandomInteger & CoreConsts.ABS_HASH_MASK) % CHAR_DICT_LEN]; result.Push(b); } result.Seal(); return(result); }
/// <summary> /// Generates a random secure buffer of bytes /// </summary> public Security.SecureBuffer NextRandomSecureBuffer(int minLength, int maxLength) { if (minLength < 0) { minLength = 0; } var count = minLength; if (maxLength > minLength) { count = this.NextScaledRandomInteger(minLength, maxLength); } var buffer = new Security.SecureBuffer(count); var bytes = new byte[4]; for (var i = 0; i < count; i += 4) { bytes.WriteBEInt32(this.NextRandomInteger); for (var j = 0; j < 4 && i + j < count; j++) { buffer.Push(bytes[j]); bytes[j] = 0; } } buffer.Seal(); return(buffer); }
/// <summary> /// Obtains an unsecure string password as SecureBuffer. /// Note: The IDPasswordCredentials class is purposely designed to store password as plain text. /// This is needed for simple cases and HTTP application where login credentials are posted via plain text anyway /// </summary> public static SecureBuffer PlainPasswordToSecureBuffer(string password) { SecureBuffer buffer; if (password.IsNullOrEmpty()) { buffer = new SecureBuffer(0); } else { var bytes = Encoding.UTF8.GetBytes(password); buffer = new SecureBuffer(bytes.Length); foreach (var b in bytes) { buffer.Push(b); } Array.Clear(bytes, 0, bytes.Length); } buffer.Seal(); return(buffer); }